Azure Active Directory and Power BI

NOTE: This information is good as of 9/15/2015 and is subject to change!

I get approached quite often regarding Azure Active Directory and how to get that working with Power BI. Here is an example of a question I received.

I am investigating Power BI and AD integration for a client. Could you recommend a recent resource that can provide direction please?

Or, it could be something like the following.

How do I use Azure Active Directory with Power BI?

This actually has nothing to do, directly, with Power BI. This is not a Power BI “thing”, it is an Azure Active Directory “thing”. Can’t log into Power BI without Azure Active Directory having the account you are signing in with.

To try and keep it simplified, I coined the term Office 365 Bubble. Really it is your Tenant. Any service that is used as part of that tenant is making use of Azure Active Directory. Power BI is one of those services. Examples of some other services are SharePoint Online, CRM Online, etc.

Azure Active Directory is a foundational piece of the tenant and stores the Users, Groups and Domains. It also allows for other settings and configurations. You can read more about AAD in the following article.

There is a tight relationship between Azure Active Directory and Office 365. If you manage users, groups or domains within the O365 Admin Center, you are actually modifying the AAD items. You can think of the O365 Admin Center as a wrapper around AAD, for those pieces.

What we really care about is, how to get the people that are using Power BI into Azure Active Directory, from an account perspective. So, the question becomes, how do we get the user into Azure Active Directory? Followed by, how to we get them to be able to use Power BI.

This can be done a few ways from an account perspective.

AdHoc Subscriptions

When you go to PowerBI.com and sign up for the free service, this will actually create the account for you within the Tenant. If a tenant doesn’t exist, one will be created under the hoods that you won’t have direct access to. This is the AdHoc Subscription sign up process. It can be disabled by a Tenant Admin. After the account is created, a free Power BI license is then assigned to that account. As an End User, you don’t even need to worry about any of this.

Manually adding an account

The easiest way to create an account, outside of the free sign up, is to just add the account manually. As a tenant Admin, you can just do this directly in the O365 Admin Center. Adding it here, will also have it reflected in the AAD Portal. This is a great option if you only have a few users you are adding.

Directory Sync (DirSync)

DirSync is a great option if you have a lot of users in a local domain that you want to include within AAD to allow them to use the services in the cloud. DirSync will create an account within AAD for the account in your local domain, and also provides options for Password syncs.

DirSync is part of the Azure Active Directory Connect tool. The following document talks about how to integrate your on-premises identities with Azure Active Directory.

Active Directory Federation Services (ADFS)

ADFS is all about Single Sign On. The idea here is that when I’m in my organization, in the office, it can pick up my Windows Token and I never see a login page having to enter a username an password. It just comes up. If you are outside of the office, it will present a login page that is part of the ADFS resource and not the normal Microsoft Online login page.

ADFS actually uses DirSync as part of it. ADFS is configured by way of the Azure Active Directory Connect tool for the Azure pieces of the configuration.